AHMED ZBYR

AHMED ZBYR

Biker, EV Enthusiast

Ansible and Terraform: The Perfect Pair for DevOps and Hybrid Cloud

In today’s dynamic IT landscape, automation is not just a nice-to-have, it’s a necessity. DevOps teams rely on powerful tools to manage infrastructure efficiently and consistently. Two tools that consistently rise to the top are Terraform and Ansible. While both fall under the umbrella of Infrastructure as Code (IaC), they shine in different areas, making them ideal partners. Terraform excels at provisioning infrastructure resources, while Ansible is a master of configuring and managing those resources. Think of Terraform as the architect building the “house” (infrastructure) and Ansible as the interior designer, furnishing and customizing it.

This synergy is incredibly valuable when you need to create a fully functional node, from initial setup to application deployment. Whether you’re working in the cloud (AWS, Azure, GCP) or in your own data center, this combination can streamline your workflows.

Terraform: Orchestrating Infrastructure Provisioning

Terraform, created by HashiCorp, is an open-source infrastructure-as-code tool that empowers you to define and provision infrastructure using a declarative configuration language. It’s designed to work seamlessly with numerous cloud providers like AWS, Azure, and Google Cloud, as well as on-premises virtualization platforms. Terraform maintains a “state” file that diligently tracks the resources it manages, guaranteeing consistent and predictable deployments, preventing configuration drift.

Key Features of Terraform:

  • Declarative Configuration: You describe the desired state of your infrastructure in code, and Terraform intelligently figures out the steps required to achieve that state. This contrasts with imperative approaches where you specify each step.
  • Infrastructure as Code (IaC): Your infrastructure is defined in human-readable code, enabling version control (using Git, for example), seamless collaboration among team members, and repeatable deployments across different environments.
  • Multi-Provider Support: Terraform boasts extensive support for a vast range of providers, enabling you to manage a diverse array of infrastructure resources, from virtual machines and networks to databases and serverless functions.
  • State Management: Terraform meticulously tracks the state of your infrastructure, acting as a single source of truth and preventing configuration drift. This is critical for maintaining consistency and reliability.
  • Dependency Management: Terraform automatically handles dependencies between resources, ensuring that resources are created in the correct order.

Ansible: Configuration Management and Application Deployment

Ansible, now a Red Hat product, is a powerful and versatile automation engine that simplifies configuration management, application deployment, and task automation. It leverages a simple, human-readable language (YAML) to define automation tasks within “playbooks.” One of Ansible’s key strengths is its agentless architecture, meaning it doesn’t require any special software to be installed on the managed nodes (although SSH access is essential).

Key Features of Ansible:

  • Agentless Architecture: The absence of agents on managed nodes greatly simplifies deployment and ongoing maintenance. Ansible communicates with nodes over SSH or other standard protocols.
  • YAML-Based Playbooks: Ansible playbooks are written in YAML, a human-readable data serialization language, making them easy to learn, understand, and maintain.
  • Idempotency: Ansible ensures that tasks are executed only when changes are necessary. If a desired state is already achieved, Ansible will skip the task, preventing unintended modifications and ensuring stability.
  • Modules: Ansible offers a rich and extensive library of modules for managing a wide variety of systems, applications, and devices. These modules abstract away the complexities of interacting with different technologies.
  • Orchestration: Ansible can orchestrate complex workflows across multiple systems, ensuring that tasks are executed in the correct order and with the necessary dependencies met.

Synergy: A Holistic Approach to Infrastructure Automation

The real magic happens when you combine the strengths of Terraform and Ansible. Terraform takes the lead in provisioning the underlying infrastructure (virtual machines, networks, load balancers, databases, etc.), while Ansible steps in to configure the software, settings, and applications on those provisioned resources. This powerful combination results in a fully automated and repeatable infrastructure deployment pipeline.

Here’s a breakdown of how they work together:

  • Terraform: Provisions the virtual machine in the cloud (or on-premises). Installs the base operating system. Configures the network interfaces and firewall rules. Creates storage volumes.
  • Ansible: Installs and configures web server software (e.g., Apache, Nginx, or IIS). Deploys application code from a repository. Configures firewalls and security settings in detail. Sets up monitoring and logging agents. Automates software updates.

Example: Deploying a Web Application on a Cloud Instance

Let’s illustrate this with a practical example: creating a virtual machine on Google Cloud Platform (GCP) using Terraform and then deploying and configuring the Nginx web server using Ansible.

1. Terraform Configuration (main.tf)

This Terraform configuration defines a GCP Compute Engine instance. Before running, replace "your-gcp-project-id" and the SSH key path with your actual project ID and the location of your SSH key.

terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 4.0"
    }
  }
}

provider "google" {
  project     = "your-gcp-project-id"
  region      = "us-central1"
  zone        = "us-central1-a"
}

resource "google_compute_network" "vpc_network" {
  name                    = "terraform-network"
  auto_create_subnetworks = false // We'll define our own subnet
}

resource "google_compute_subnetwork" "vpc_subnetwork" {
  name          = "terraform-subnet"
  ip_cidr_range = "10.10.10.0/24"
  network       = google_compute_network.vpc_network.id
  region        = "us-central1"
}

resource "google_compute_firewall" "firewall" {
  name    = "allow-http-https"
  network = google_compute_network.vpc_network.name

  allow {
    protocol = "tcp"
    ports    = ["80", "443", "22"] //Allow SSH, HTTP, and HTTPS
  }

  source_ranges = ["0.0.0.0/0"] //Allow from anywhere for testing
}

resource "google_compute_instance" "example" {
  name         = "ansible-terraform-gcp-example"
  machine_type = "e2-micro" // Cost-effective instance type
  zone         = google.provider.zone

  // Configure the boot disk with a Debian 11 image
  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }

  // Configure the network interface to get a public IP
  network_interface {
    network    = google_compute_network.vpc_network.id
    subnetwork = google_compute_subnetwork.vpc_subnetwork.id
    access_config {
      // Empty block assigns an ephemeral public IP
    }
  }

  // Inject your public SSH key for Ansible to connect
  metadata = {
    ssh-keys = "${var.ssh_user}:${file(var.ssh_public_key_path)}"
  }

  // Add labels (similar to AWS tags)
  labels = {
    environment = "dev"
    source      = "terraform"
  }

  // Run the Ansible playbook after the instance is created
  provisioner "local-exec" {
    // Wait for SSH to be ready and then run Ansible
    command = "sleep 60; ansible-playbook -i '${self.network_interface[0].access_config[0].nat_ip},' --user ${var.ssh_user} --private-key ${var.ssh_private_key_path} playbook.yml"
  }
}

// Variables for SSH configuration
variable "ssh_user" {
  description = "The username for SSH access (e.g., 'devops'). This will be created on the GCE instance."
  type        = string
  default     = "devops"
}

variable "ssh_public_key_path" {
  description = "The file path to your public SSH key."
  type        = string
  default     = "~/.ssh/id_rsa.pub"
}

variable "ssh_private_key_path" {
  description = "The file path to your private SSH key."
  type        = string
  default     = "~/.ssh/id_rsa"
}

// Output the public IP address of the instance
output "public_ip" {
  value       = google_compute_instance.example.network_interface[0].access_config[0].nat_ip
  description = "The public IP address of the GCE instance."
}

Important Notes:

  • Provisioner “local-exec”: This instructs Terraform to execute a command on the machine where you are running terraform apply (your local computer or a CI/CD server) after the GCE instance has been successfully created. It’s generally recommended to use this sparingly and explore alternatives like remote-exec provisioners or cloud-init for more robust deployments.

  • Security: The example firewall rule allows traffic from anywhere (0.0.0.0/0) for ports 80, 443, and 22. For production environments, restrict these source ranges to only trusted networks.

2. Ansible Playbook (playbook.yml)

This Ansible playbook installs Nginx, deploys a simple HTML page, and configures the Nginx server.

---
- hosts: all
  become: true
  tasks:
    - name: Update apt cache
      apt:
        update_cache: yes
      when: ansible_os_family == "Debian"

    - name: Install Nginx
      apt:
        name: nginx
        state: present
      when: ansible_os_family == "Debian"

    - name: Create custom Nginx webpage
      copy:
        dest: /var/www/html/index.html
        content: |
          <html>
          <head>
            <title>Welcome to Nginx on Ansible!</title>
          </head>
          <body>
            <h1>Nginx is running via Ansible!</h1>
            <p>This server was provisioned with Terraform and configured with Ansible.</p>
          </body>
          </html>
      notify:
        - restart nginx

  handlers:
    - name: restart nginx
      service:
        name: nginx
        state: restarted

Explanation:

  • hosts: all: Targets all hosts defined in the inventory (in this case, a single host passed via the command line via Terraform’s local-exec provisioner).
  • become: true: Executes the tasks with elevated privileges (using sudo).
  • apt: name=nginx state=present: Installs the Nginx package using the apt module (specific to Debian/Ubuntu systems). The when condition makes this task only run on Debian-based systems.
  • copy: Creates a custom HTML page and places it in the Nginx web root directory.
  • notify: Triggers the restart nginx handler whenever the content of the HTML file changes.
  • handlers: Defines the actions to take when notified. In this case, it restarts the Nginx service.

3. Running the Example

  1. Initialize Terraform:

     terraform init

  2. Apply the Terraform configuration:

     terraform apply -auto-approve

    Terraform will provision the GCE instance, and the local-exec provisioner will then trigger the Ansible playbook. After completion, you should be able to access your custom Nginx webpage in your browser using the public IP address of the instance (which Terraform outputs).

4. Destroying the Infrastructure

When you’re finished experimenting, destroy the infrastructure to avoid incurring unnecessary costs:

terraform destroy -auto-approve

Conclusion

Terraform and Ansible form a powerful and versatile combination for modern infrastructure management. Terraform handles the crucial task of provisioning infrastructure resources, while Ansible excels at configuring and managing those resources, deploying applications, and automating ongoing maintenance tasks. This synergy empowers DevOps teams to build and maintain reliable, scalable, and efficient infrastructure across a wide range of environments, from cloud platforms to on-premises data centers. While this example provides a basic introduction, the possibilities for automation with these tools are virtually limitless. By mastering Terraform and Ansible, you can significantly improve your DevOps workflows, accelerate application delivery, and build more resilient and scalable infrastructure to support your business needs.

You May Also Enjoy